Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144147.roa
File:                     AS144147.roa (raw, json)
Hash identifier:          xRajnoQV7QUuAmT0EE0eK6sNjAmtrQjWHyF4gGbJgC8=
Subject key identifier:   FF:F0:31:2B:09:45:2D:E5:87:63:8F:DA:35:CD:97:40:FB:72:19:A3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2AE4479FE353C7915F5D34BEB1CCFD096AAF9E6B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144147.roa
Signing time:             Wed 04 Mar 2026 06:13:18 +0000
ROA not before:           Wed 04 Mar 2026 06:08:18 +0000
ROA not after:            Wed 03 Mar 2027 06:13:18 +0000
asID:                     144147
IP address blocks:        240a:a5d9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:e4:47:9f:e3:53:c7:91:5f:5d:34:be:b1:cc:fd:09:6a:af:9e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:18 2026 GMT
            Not After : Mar  3 06:13:18 2027 GMT
        Subject: CN=FFF0312B09452DE587638FDA35CD9740FB7219A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7b:7d:b5:72:d8:c9:2f:82:19:b7:44:f8:22:
                    75:bd:9e:91:6c:df:ff:89:42:cf:99:79:4b:49:a7:
                    f7:2f:db:5c:9a:22:72:04:f0:9d:fd:c0:8a:97:ca:
                    1a:d3:b8:4d:0e:b5:84:af:f5:83:f1:87:2f:a1:9f:
                    84:f7:86:8f:82:48:81:f7:68:19:7f:00:56:f8:e4:
                    d6:65:af:61:a0:a5:58:f2:2d:cc:82:41:b1:0f:3b:
                    f9:4a:30:f4:c9:f5:72:df:cb:f0:75:70:59:83:89:
                    1b:23:64:3c:73:f0:6f:26:bc:13:b1:a6:0d:76:e9:
                    12:14:98:93:0c:74:54:48:22:49:49:61:96:f4:cb:
                    b3:5f:03:29:2b:31:f5:60:ad:49:a1:e4:90:ab:57:
                    13:da:ba:6a:f0:2e:20:f2:bf:66:3f:a9:52:43:5e:
                    63:d3:dd:85:29:4a:c3:7f:88:5a:fb:2a:15:c8:36:
                    42:41:bd:7b:c2:6c:c4:2b:20:91:78:0e:f2:de:d0:
                    51:75:1a:87:b5:9d:fd:de:f2:3f:11:d9:62:81:b1:
                    15:87:57:98:59:f7:f4:6a:70:6f:5e:3a:bc:92:e7:
                    76:c2:40:59:7e:e7:89:50:56:a5:25:9b:34:0c:17:
                    f3:3f:ac:77:95:ac:4b:04:93:b4:72:55:0d:8d:ad:
                    14:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F0:31:2B:09:45:2D:E5:87:63:8F:DA:35:CD:97:40:FB:72:19:A3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144147.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5d9::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:f5:50:48:e1:5c:3f:d0:85:6b:b9:c4:47:7e:2c:a4:37:2d:
         b1:3f:2a:a2:83:61:24:1b:f6:f5:85:93:64:16:f7:8a:aa:9d:
         1b:c9:cc:d2:c9:98:9b:cb:44:aa:b0:2b:05:22:85:b6:f2:b0:
         7c:4d:a2:f4:28:7f:61:3b:af:ba:55:55:44:ae:e5:31:c3:81:
         c1:1f:62:b9:ab:20:30:1b:86:9b:06:7f:cc:df:33:b6:0e:2f:
         79:0d:cf:7b:af:3b:91:cd:d5:8e:08:90:d3:0f:0f:69:58:d8:
         88:1f:5a:cc:f2:52:db:4f:b0:d7:d4:69:79:00:b5:ad:6d:45:
         e4:01:ae:b3:55:a6:ef:5a:28:81:76:08:81:7d:f9:44:0c:86:
         ad:14:c0:7d:c5:0d:38:d9:54:fc:1d:43:b1:36:90:64:ec:0f:
         b2:75:e4:b8:ca:03:85:df:37:ee:aa:57:5a:03:1e:c3:02:ea:
         fb:1a:3b:cb:f6:3d:83:10:2a:c6:f4:ce:4d:10:7a:be:74:5b:
         96:ee:2d:75:2f:56:c7:e4:48:5a:cc:a4:77:d9:98:cf:d0:eb:
         9f:0c:fb:ba:68:6b:07:e8:50:e8:8c:a9:29:04:be:bf:45:fe:
         63:63:ed:1b:ce:b6:c7:67:b7:23:45:34:05:07:9d:8f:75:ce:
         45:3b:60:b5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKuRHn+NTx5FfXTS+scz9CWqvnmswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgxOFoX
DTI3MDMwMzA2MTMxOFowMzExMC8GA1UEAxMoRkZGMDMxMkIwOTQ1MkRFNTg3NjM4
RkRBMzVDRDk3NDBGQjcyMTlBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJp7fbVy2Mkvghm3RPgidb2ekWzf/4lCz5l5S0mn9y/bXJoicgTwnf3AipfK
GtO4TQ61hK/1g/GHL6GfhPeGj4JIgfdoGX8AVvjk1mWvYaClWPItzIJBsQ87+Uow
9Mn1ct/L8HVwWYOJGyNkPHPwbya8E7GmDXbpEhSYkwx0VEgiSUlhlvTLs18DKSsx
9WCtSaHkkKtXE9q6avAuIPK/Zj+pUkNeY9PdhSlKw3+IWvsqFcg2QkG9e8JsxCsg
kXgO8t7QUXUah7Wd/d7yPxHZYoGxFYdXmFn39Gpwb146vJLndsJAWX7niVBWpSWb
NAwX8z+sd5WsSwSTtHJVDY2tFFkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT/8DEr
CUUt5Ydjj9o1zZdA+3IZozAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDE0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pdkwDQYJKoZIhvcNAQELBQADggEBABb1UEjhXD/QhWu5xEd+LKQ3LbE/KqKDYSQb
9vWFk2QW94qqnRvJzNLJmJvLRKqwKwUihbbysHxNovQof2E7r7pVVUSu5THDgcEf
YrmrIDAbhpsGf8zfM7YOL3kNz3uvO5HN1Y4IkNMPD2lY2IgfWszyUttPsNfUaXkA
ta1tReQBrrNVpu9aKIF2CIF9+UQMhq0UwH3FDTjZVPwdQ7E2kGTsD7J15LjKA4Xf
N+6qV1oDHsMC6vsaO8v2PYMQKsb0zk0Qer50W5buLXUvVsfkSFrMpHfZmM/Q658M
+7poawfoUOiMqSkEvr9F/mNj7RvOtsdntyNFNAUHnY91zkU7YLU=
-----END CERTIFICATE-----